Exposure to malicious websites and downloads is the main way computers get infected with malware, so a better browser is one way to tighten security.
Microsoft Edge for Windows 10 brings numerous improvements over Internet Explorer. It strips out much of Explorer’s legacy code for a more secure base, and it is bolstered by several new defense technologies in Windows 10.
Staff, teachers and students can be vulnerable to credential theft and malware infections, so give them as much protection as possible by taking advantage of these Edge features.
1. Target Vulnerabilities to Restructure Security Strategy
Edge does away with proprietary ActiveX controls, which were easily exploited in Internet Explorer because of their deep integration with the OS. Any web apps that rely on ActiveX will need to be rewritten to work in Edge. (Most commercial websites don’t rely on ActiveX.)
Edge blocks Adobe Flash Player by default, because hackers often target it. As an alternative, many sites have already moved to HTML5. When Flash is required, Edge will prompt users for permission to run it. Microsoft maintains a list of trusted Flash-based websites that work without users needing to give permission. Schools can also block Flash entirely using Group Policy.
2. Minimize Exposure to Untrusted Sites
For schools requiring a higher level of security, Windows Defender Application Guard (WDAG) runs Edge in a container that isolates user sessions from the OS and other applications. When WDAG is enabled, any malware that runs in the browser session can’t break out, which protects the integrity of Windows and user data.
Closing a WDAG session also deletes any malicious code to which the user was exposed.
IT can configure WDAG so that sites that are not trusted open in the container, while all other sites run in Edge without that protection. Like most security technologies, WDAG has some disadvantages: users can’t access their favorites in a WDAG session. However, staff can enable data persistence so that users’ favorites and cookies are maintained across WDAG sessions.
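The Group Policy option for blocking Flash and the WDAG settings described above can be audited on a workstation with a short script. This is an added example, not taken from the article; it assumes the registry locations written by the Windows 10 Group Policy templates for legacy Edge and Application Guard, which should be confirmed against the templates in use.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
# Assumption: registry paths are those written by the Windows 10 Group Policy
# templates for legacy Edge and Application Guard; confirm against your ADMX files.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the policy is not configured (key or value absent).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Format-Value($v) { if ($null -eq $v) { 'not configured' } else { "$v" } }

$edgeAddons = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Addons'
$appGuard   = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'

# Flash: 0 = blocked entirely; anything else leaves Edge's per-site prompt in place.
$flash = Get-PolicyValue $edgeAddons 'FlashPlayerEnabled'

# WDAG needs both the Windows feature and the policy that turns it on.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction SilentlyContinue
$mode    = Get-PolicyValue $appGuard 'AllowAppHVSI_ProviderSet'   # 1 or 3 covers Edge
$persist = Get-PolicyValue $appGuard 'AllowPersistence'           # 1 = keep favorites and cookies

$report = @(
    [pscustomobject]@{
        Setting = 'Flash blocked by policy'
        Value   = Format-Value $flash
        Result  = if ($flash -eq 0) { 'PASS' } else { 'REVIEW: users can still be prompted to run Flash' }
    }
    [pscustomobject]@{
        Setting = 'Application Guard feature installed'
        Value   = if ($feature) { "$($feature.State)" } else { 'not available' }
        Result  = if ($feature -and $feature.State -eq 'Enabled') { 'PASS' } else { 'REVIEW: feature is not enabled' }
    }
    [pscustomobject]@{
        Setting = 'Application Guard policy covers Edge'
        Value   = Format-Value $mode
        Result  = if ($mode -in 1, 3) { 'PASS' } else { 'REVIEW: Edge sessions are not isolated' }
    }
    [pscustomobject]@{
        Setting = 'Data persistence across WDAG sessions'
        Value   = Format-Value $persist
        Result  = if ($persist -eq 1) { 'INFO: favorites and cookies are kept' } else { 'INFO: session data is discarded on close' }
    }
)

$report | Format-Table -AutoSize -Wrap
```

The persistence row is reported as informational because it is a usability trade-off rather than a pass or fail condition.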
3. Improve Authentication for K–12 Users Beyond Passwords
Microsoft discourages passwords because they are so easily compromised. Windows Hello lets users log in to Windows with a gesture, such as a PIN code or biometric authentication. Edge now supports Windows Hello, so users can sign in to websites this way.
Microsoft’s login site also supports Windows Hello, so users can access their Microsoft account using a PIN, gesture or security key.
Microsoft has been working with the FIDO Alliance to create Web Authentication, a standard, also supported by Google, for logging in to sites using Windows Hello or portable FIDO2 security keys. Few commercial sites support FIDO currently, but schools can FIDO-enable their own sites.